US20130346318A1 - Secure transaction systems and methodologies - Google Patents

Publication number
US20130346318A1
Authority
US
United States
Prior art keywords
npcz
payment card
card information
content delivery
delivery network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/533,343
Inventor
Gur Shatz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Incapsula Inc
Original Assignee
Incapsula Inc
Application filed by Incapsula Inc
Priority to US13/533,343
Assigned to INCAPSULA INC. Assignment of assignors interest (see document for details). Assignors: SHATZ, GUR
Priority to EP13809143.4A (publication EP2864921A4)
Priority to PCT/IL2013/050528 (publication WO2014002083A1)
Publication of US20130346318A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/123 Shopping for digital content
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes

Abstract

A secure transaction system including a content delivery network defining edge gates for secure communication with entities outside the network, each edge gate including at least one of encryption and decryption functionality, the encryption functionality being operative to encrypt customer payment card information into no payment card zone (NPCZ) capsules and the decryption functionality being operative to decrypt the NPCZ capsules into customer payment card information securely supplied to at least one of a plurality of payment processing entities, the content delivery network defining a NPCZ, and a plurality of seller entities within the NPCZ which conduct transactions with a plurality of customers and with at least one of the payment processing entities, and receive, process and transmit customer payment information using the NPCZ capsules, the plurality of seller entities not having access to unencrypted payment card information and not having the ability to decrypt encrypted payment card information.

Description

  • FIELD OF THE INVENTION
  • The present invention relates generally to secure transaction systems and methodologies.
  • BACKGROUND OF THE INVENTION
  • The following publications are believed to represent the current state of the art:
  • U.S. Pat. Nos. 7,210,622; 7,310,729; 7,660,296; 7,672,873; 7,711,647; 7,743,132; and
  • U.S. Published Patent Application Nos. 2011/0153380 and 2004/0093419.
  • SUMMARY OF THE INVENTION
  • The present invention seeks to provide improved secure transaction systems and methodologies. There is thus provided in accordance with a preferred embodiment of the present invention a secure transaction system including a content delivery network defining a multiplicity of edge gates for secure communication with entities outside the network, each of the edge gates including at least one of encryption functionality and decryption functionality, the encryption functionality being operative to encrypt customer payment card information into no payment card zone (NPCZ) capsules and the decryption functionality being operative to decrypt the NPCZ capsules into customer payment card information securely supplied to at least one of a plurality of payment processing entities, the content delivery network defining a NPCZ, and a plurality of seller entities entirely within the no payment card zone which conduct transactions with any of a plurality of customers and with at least one of the plurality of payment processing entities, and receive, process and transmit customer payment information using the NPCZ capsules, the plurality of seller entities not having access to unencrypted payment card information and not having the ability to decrypt encrypted payment card information.
  • Preferably, the content delivery network controls encryption and decryption keys used for the encryption functionality and the decryption functionality but does not store NPCZ capsules. Preferably, the plurality of seller entities do not have access to the encryption and decryption keys used for the encryption functionality and the decryption functionality but do store NPCZ capsules.
  • Preferably, the plurality of payment processing entities do not have access to the encryption and decryption keys used for the encryption functionality and the decryption functionality, but do store customer payment card information.
  • In accordance with a preferred embodiment of the present invention, the existence and operation of the content delivery network is transparent to the plurality of customers. Additionally, the existence and operation of the content delivery network is transparent to the plurality of payment processing entities.
  • There is also provided in accordance with another preferred embodiment of the present invention a secure transaction method in a content delivery network including encrypting, by the content delivery network, customer payment card information received from any of a plurality of customers into no payment card zone (NPCZ) capsules, receiving, processing and transmitting encrypted customer payment card information, by a plurality of seller entities, using the NPCZ capsules, decrypting, by the content delivery network, the NPCZ capsules into decrypted customer payment card information, securely supplying, by the content delivery network, the decrypted customer payment card information to at least one of a plurality of payment processing entities, and the plurality of seller entities not accessing unencrypted payment card information and not decrypting encrypted payment card information.
  • Preferably, the method also includes controlling, by the content delivery network, encryption and decryption keys used for the encrypting and the decrypting. Preferably, the NPCZ capsules are not stored by the content delivery network. Preferably, the method also includes storing the NPCZ capsules by the seller entities. Preferably, the encryption and decryption keys are not accessed by the seller entities.
  • Preferably, the method also includes storing customer payment card information by the plurality of payment processing entities. Preferably, the encryption and decryption keys are not accessed by the plurality of payment processing entities.
  • In accordance with a preferred embodiment of the present invention, the existence and operation of the content delivery network is transparent to the plurality of customers. Additionally, the existence and operation of the content delivery network is transparent to the plurality of payment processing entities.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:
  • FIG. 1 is a simplified illustration of a secure transaction system constructed and operative in accordance with a preferred embodiment of the present invention;
  • FIG. 2 is a simplified functional block diagram illustration of one embodiment of the system of FIG. 1; and
  • FIG. 3 is a simplified flow chart illustrating one embodiment of a secure transaction methodology.
  • DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
  • Reference is now made to FIG. 1, which is a simplified illustration of a secure transaction system constructed and operative in accordance with a preferred embodiment of the present invention. As seen in FIG. 1, the secure transaction system includes a content delivery network 100, here depicted as a cloud, which defines a protected zone which encapsulates at least one website.
  • The content delivery network 100 preferably defines a multiplicity of edge gates, each embodied in at least one computer server for secure communication with entities outside the network. In the illustration of FIG. 1, the computer servers are designated by reference numerals 102, 104, 106, 108, 110 and 112. Each such computer server provides at least one and preferably both of encryption and decryption functionality.
  • It is appreciated that the decryption functionality can be performed either by one of the computer servers or alternatively by an additional server (not shown), which is not part of the content delivery network.
  • It is further appreciated that the decryption functionality may be implemented by using either a forward proxy or a reverse proxy.
  • It is a particular feature of the present invention that, by prohibiting unencrypted customer payment card information from being present in the protected zone, the content delivery network defines a No Payment Card Zone.
  • The aforesaid encryption functionality is operative to encrypt customer payment card information into NPCZ (No Payment Card Zone) capsules which do not contain customer payment card information in a non-encrypted form.
  • The aforesaid decryption functionality is operative to decrypt the NPCZ capsules into customer payment card information which is securely supplied to at least one of a plurality of PPEs (Payment Processing Entities). For the purposes of the present application, the term “Payment Processing Entities” includes one or more of Credit Card Payment Processors, such as FirstData and TSYS, and Payment Gateways, such as Authorize.net®, WorldPay™ and Beanstream®. The Payment Processing Entities preferably do not have access to encryption and decryption keys or to NPCZ capsule encryption and decryption functionality.
  • It is appreciated that content delivery network 100 is operative to manage encryption and decryption keys used by the encryption functionality and the decryption functionality provided by the computer servers. The computer servers preferably do not store encrypted NPCZ capsules.
  • It is a particular feature of the present invention that the at least one website may include a plurality of seller entities. The seller entities preferably conduct transactions with any of a plurality of customers and with multiple PPEs, and preferably receive, process and transmit customer payment information using the NPCZ capsules without the plurality of seller entities having access to any of unencrypted payment card information, encryption and decryption keys, and NPCZ capsule decryption functionality.
  • As shown in FIG. 1, a customer of a seller entity 116, such as the Continental Hotel, initiates a transaction with seller entity 116. As clearly shown in FIG. 1, upon reaching a first edge gate embodied in server 102, the customer's payment card information is encrypted into an NPCZ capsule 120 by encryption functionality provided by server 102. NPCZ Capsule 120 is preferably routed by server 102 to seller entity 116, which then forwards NPCZ capsule 120 to a PPE 122, such as, for example, a Bank of America payment processing center, via a second edge gate embodied in server 106. It is appreciated that alternatively, depending on the location of PPE 122, seller entity 116 may forward NPCZ capsule 120 to PPE 122 via the first edge gate embodied in server 102.
  • Upon reaching server 106, NPCZ capsule 120 is decrypted by decryption functionality provided by server 106 into the original customer payment card information, which is then securely supplied to PPE 122, thereby completing the transaction. As mentioned hereinabove, it is appreciated that the decryption functionality may be implemented by using either a forward proxy or a reverse proxy. It is also appreciated that the existence and operation of content delivery network 100, which facilitates the aforementioned path of customer payment card information from the customer to PPE 122, is transparent to both the customer and to PPE 122.
  • As further shown in FIG. 1, a customer of a seller entity 146, such as a local mall, initiates a transaction with seller entity 146. As clearly shown in FIG. 1, upon reaching a third edge gate embodied in server 112, the customer's payment card information is encrypted into an NPCZ capsule 150 by encryption functionality provided by server 112. NPCZ Capsule 150 is preferably routed by server 112 to seller entity 146, which then forwards NPCZ capsule 150 to a PPE 152, such as, for example, a G Bank processing center, via a fourth edge gate embodied in server 108. It is appreciated that alternatively, depending on the location of PPE 152, seller entity 146 may forward NPCZ capsule 150 to PPE 152 via the third edge gate embodied in server 112.
  • Upon reaching server 108, NPCZ capsule 150 is decrypted by decryption functionality provided by server 108 into the original customer payment card information, which is then securely supplied to PPE 152, thereby completing the transaction. As mentioned hereinabove, it is appreciated that the decryption functionality may be implemented by using either a forward proxy or a reverse proxy. It is also appreciated that the existence and operation of content delivery network 100, which facilitates the aforementioned path of customer payment card information from the customer to PPE 152, is transparent to both the customer and to PPE 152.
  • Reference is now made to FIG. 2, which is a simplified functional block diagram illustration of one embodiment of the system of FIG. 1. As shown in FIG. 2, a content delivery network 200 preferably comprises a multiplicity of edge gates 202. Each of edge gates 202 preferably comprises encryption functionality 210 and decryption functionality 212. A plurality of customers 220 preferably communicate with content delivery network 200 via edge gates 202, where customer payment card information is encrypted by encryption functionality 210.
  • A plurality of sellers 230 are operative to receive encrypted customer payment card information from edge gates 202 and to process and transmit encrypted customer payment information using the NPCZ capsules to edge gates 202 where encrypted customer payment card information is decrypted by decryption functionality 212. Decrypted customer payment card information is then transmitted to any of a plurality of payment processing entities 240.
  • Reference is now made to FIG. 3, which is a simplified flow chart illustrating one embodiment of a secure transaction methodology. As shown in FIG. 3, a customer initiates a transaction with a seller entity within a content delivery network (300). Upon reaching a first edge gate of a content delivery network, the customer's payment card information is encrypted into an NPCZ capsule by encryption functionality provided by the first edge gate (302).
  • Thereafter, the NPCZ capsule is preferably routed by the first edge gate to the seller entity (304), which then forwards the NPCZ capsule to a payment processing entity via a second edge gate (306).
  • Upon reaching the second edge gate, the NPCZ capsule is decrypted by decryption functionality provided by the second edge gate into the original customer payment card information (308). The decrypted customer payment card information is then securely supplied to the payment processing entity (310), thereby completing the transaction (312).
  • It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather the scope of the present invention includes both combinations and subcombinations of the various features described hereinabove as well as modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not in the prior art.
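
The flow of FIG. 3 (steps 300 to 312) with the key and storage separation described above, as an added example that is not code from the patent or from Incapsula. The capsule layout, key ids, integrity tag and all class names are assumptions; the patent names no cipher, so an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a vetted AEAD such as AES-GCM to keep the example on the Python standard library.

```python
import hashlib
import hmac
import json
import secrets

MAGIC = b"NPCZ1"            # constructed format tag; the patent defines no capsule layout
KID_LEN, NONCE_LEN, TAG_LEN = 8, 16, 32


class KeyService:
    """Key material held only by the content delivery network (CDN)."""

    def __init__(self):
        self._keys = {}

    def new_key(self):
        kid = secrets.token_hex(KID_LEN // 2).encode()   # 8 ASCII bytes
        self._keys[kid] = secrets.token_bytes(32)
        return kid

    def subkeys(self, kid):
        master = self._keys[kid]                          # KeyError if unknown
        return (hmac.new(master, b"enc", hashlib.sha256).digest(),
                hmac.new(master, b"mac", hashlib.sha256).digest())


def _xor_keystream(enc_key, nonce, data):
    """Stand-in cipher: XOR with HMAC-SHA256(enc_key, nonce || counter) blocks."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class EdgeGate:
    """CDN edge server: encrypts toward sellers, decrypts toward PPEs, stores nothing."""

    def __init__(self, keys, active_kid):
        self._keys, self._kid = keys, active_kid

    def encrypt(self, card):
        enc_key, mac_key = self._keys.subkeys(self._kid)
        nonce = secrets.token_bytes(NONCE_LEN)
        plaintext = json.dumps(card, sort_keys=True).encode()
        body = MAGIC + self._kid + nonce + _xor_keystream(enc_key, nonce, plaintext)
        return body + hmac.new(mac_key, body, hashlib.sha256).digest()

    def decrypt(self, capsule):
        header = len(MAGIC) + KID_LEN + NONCE_LEN
        if len(capsule) < header + TAG_LEN or not capsule.startswith(MAGIC):
            raise ValueError("not an NPCZ capsule")
        body, tag = capsule[:-TAG_LEN], capsule[-TAG_LEN:]
        kid = body[len(MAGIC):len(MAGIC) + KID_LEN]
        nonce = body[len(MAGIC) + KID_LEN:header]
        try:
            enc_key, mac_key = self._keys.subkeys(kid)
        except KeyError:
            raise ValueError("unknown key id") from None
        # Verify before decrypting: the seller stores capsules and could alter them.
        if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
            raise ValueError("capsule failed integrity check")
        return json.loads(_xor_keystream(enc_key, nonce, body[header:]))


class Seller:
    """Inside the NPCZ: stores and forwards capsules, never holds a KeyService."""

    def __init__(self):
        self.orders = {}

    def receive(self, order_id, capsule):
        self.orders[order_id] = capsule

    def forward(self, order_id):
        return self.orders[order_id]


class PaymentProcessor:
    """PPE: receives decrypted card data from an edge gate, holds no keys."""

    def __init__(self):
        self.received = []

    def charge(self, card):
        self.received.append(card)
        return "approved"


def run_flow():
    keys = KeyService()
    kid = keys.new_key()
    first_gate, second_gate = EdgeGate(keys, kid), EdgeGate(keys, kid)
    seller, ppe = Seller(), PaymentProcessor()
    # Constructed test data, not a real card.
    card = {"pan": "4111111111111111", "exp": "12/30", "name": "A. Customer"}
    seller.receive("order-1", first_gate.encrypt(card))      # steps 302, 304
    capsule = seller.forward("order-1")                       # step 306
    status = ppe.charge(second_gate.decrypt(capsule))         # steps 308, 310
    return card, seller, ppe, second_gate, status


if __name__ == "__main__":
    card, seller, ppe, gate, status = run_flow()
    print(status, "| PAN visible to seller:", card["pan"].encode() in seller.orders["order-1"])
```
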

Claims (15)

1. A secure transaction system comprising:
a content delivery network defining a multiplicity of edge gates for secure communication with entities outside the network, each of said edge gates comprising at least one of encryption functionality and decryption functionality, said encryption functionality being operative to encrypt customer payment card information into no payment card zone (NPCZ) capsules and said decryption functionality being operative to decrypt said NPCZ capsules into customer payment card information securely supplied to at least one of a plurality of payment processing entities, said content delivery network defining a NPCZ; and
a plurality of seller entities entirely within said no payment card zone which conduct transactions with any of a plurality of customers and with at least one of said plurality of payment processing entities, and receive, process and transmit customer payment information using said NPCZ capsules, said plurality of seller entities not having access to unencrypted payment card information and not having the ability to decrypt encrypted payment card information.
2. A secure transaction system according to claim 1 and wherein said content delivery network controls encryption and decryption keys used for said encryption functionality and said decryption functionality but does not store NPCZ capsules.
3. A secure transaction system according to claim 2 and wherein said plurality of seller entities do not have access to said encryption and decryption keys used for said encryption functionality and said decryption functionality but do store NPCZ capsules.
4. A secure transaction system according to claim 2 and wherein said plurality of payment processing entities do not have access to said encryption and decryption keys used for said encryption functionality and said decryption functionality, but do store customer payment card information.
5. A secure transaction system according to claim 1 and wherein the existence and operation of said content delivery network is transparent to said plurality of customers.
6. A secure transaction system according to claim 1 and wherein the existence and operation of said content delivery network is transparent to said plurality of payment processing entities.
7. A secure transaction method in a content delivery network comprising:
encrypting, by said content delivery network, customer payment card information received from any of a plurality of customers into no payment card zone (NPCZ) capsules;
receiving, processing and transmitting encrypted customer payment card information, by a plurality of seller entities, using said NPCZ capsules;
decrypting, by said content delivery network, said NPCZ capsules into decrypted customer payment card information;
securely supplying, by said content delivery network, said decrypted customer payment card information to at least one of a plurality of payment processing entities; and
said plurality of seller entities not accessing unencrypted payment card information and not decrypting encrypted payment card information.
8. A secure transaction method according to claim 7 and also comprising controlling, by said content delivery network, encryption and decryption keys used for said encrypting and said decrypting.
9. A secure transaction method according to claim 7 and wherein said NPCZ capsules are not stored by said content delivery network.
10. A secure transaction method according to claim 7 and also comprising storing said NPCZ capsules by said seller entities.
11. A secure transaction method according to claim 8 and wherein said encryption and decryption keys are not accessed by said seller entities.
12. A secure transaction method according to claim 7 and also comprising storing customer payment card information by said plurality of payment processing entities.
13. A secure transaction method according to claim 7 and wherein said encryption and decryption keys are not accessed by said plurality of payment processing entities.
14. A secure transaction method according to claim 7 and wherein the existence and operation of said content delivery network is transparent to said plurality of customers.
15. A secure transaction method according to claim 7 and wherein the existence and operation of said content delivery network is transparent to said plurality of payment processing entities.
US13/533,343 2012-06-26 2012-06-26 Secure transaction systems and methodologies Abandoned US20130346318A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US13/533,343 US20130346318A1 (en) 2012-06-26 2012-06-26 Secure transaction systems and methodologies
EP13809143.4A EP2864921A4 (en) 2012-06-26 2013-06-19 Secure transaction systems and methodologies
PCT/IL2013/050528 WO2014002083A1 (en) 2012-06-26 2013-06-19 Secure transaction systems and methodologies

Publications (1)

Publication Number Publication Date
US20130346318A1 (en) 2013-12-26

Family

ID=49775270

Country Status (3)

Country Link
US (1) US20130346318A1 (en)
EP (1) EP2864921A4 (en)
WO (1) WO2014002083A1 (en)

Also Published As

Publication number Publication date
EP2864921A4 (en) 2016-02-17
EP2864921A1 (en) 2015-04-29
WO2014002083A1 (en) 2014-01-03

Legal Events

Date Code Title Description
AS Assignment

Owner name: INCAPSULA INC., DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SHATZ, GUR;REEL/FRAME:028842/0805

Effective date: 20120812

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION